Data Law Insights

Data Law Insights

Legal insights on navigating privacy, data protection, cybersecurity, information governance, and e-discovery

Tag Archives: Government Agencies

Upcoming NIST Hosted DFARS Safeguarding Clause & CUI Training – October 18, 2018

Posted in Cybersecurity / Data Security
The National Institute of Standards and Technology (“NIST”) is hosting a cybersecurity workshop on the Defense Federal Acquisition Regulation System (“DFARS”) Safeguarding Clause and related regulations on Thursday, October 18, 2018.  The workshop, in coordination with the Department of Defense (“DoD”) and the National Archives and Records Administration (“NARA”), will provide an overview of Controlled… Continue Reading

Privacy & Cybersecurity Weekly News Update- Week of July 3

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Health IT, Privacy
Article 31 Committee approves Privacy Shield; House Cuts FCC Funding Over Attempted Broadband Privacy Regulations; No Charges for Clinton in Data Security Probe; European Commission launches public-privacy partnership on cybersecurity; European Parliament adopts NIS Directive; Privacy Code of Conduct for mHealth app providers finalized; French parliament about to make French Privacy act more severe; Russia… Continue Reading

Privacy & Cybersecurity Weekly News Update- Week of June 26

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Health IT, Privacy, Social Media
Adoption of Privacy Shield expected in early July; Federal Court limits VPPA liability; Belgian Court overturns Facebook fine; FTC robocall crackdown; A rare HIPAA criminal conviction; UK’s ICO fines Brexit campaigners for mass text messages; House report calls for national encryption commission. European Commission expects adoption of Privacy Shield for beginning of July European officials… Continue Reading

Privacy & Cybersecurity Weekly News Update- Week of May 30, 2016

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Health IT, Privacy
EU-U.S. Agreement on Law Enforcement Data; European Data Protection Supervisor Criticizes Privacy Shield; House Members Criticize FCC Privacy Proposal; NHTSA Targets Automotive Cybersecurity; Yahoo Releases National Security Letters; CareFirst Data Breach Lawsuit Dismissed; FDA Guidance on Data Protection in Investigations EU and U.S. sign Umbrella Agreement on Law Enforcement Data On June 2, 2016, Vera… Continue Reading

Privacy & Cybersecurity Weekly News Update- Week of May 23, 2016

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Privacy
Data Breach Liability Requires Actual Misuse; More U.S.-EU Data Transfer Uncertainty; Airline App Exempt from State Privacy Law; Pending Cyber Bill Would Create Consortium; Encryption-Related Deceptive Advertising Settlement; PayPal Fined for Deceptive Trade Practices The Spokeo effect: data breach claims require actual examples of information misuse Last week, a federal court dismissed claims alleging harm… Continue Reading

Privacy & Cybersecurity News Update- 3 Week Summary

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Internet of Things, Privacy
The Panama Papers Leak – An overview on histories’ biggest data leak; Article 29 Working Party about to release opinion on EU-U.S. Privacy Shield; EU: GDPR and PCJ DPD about to be approved next week – final consolidated text published by Council; US: New HIPAA Audit Protocol Released as a Guidance Tool for phase two… Continue Reading

FTC’s New Chief Technologist Speaks at Crowell & Moring

Posted in Cybersecurity / Data Security, Government Agencies, Information Management, Privacy
Yesterday, Crowell & Moring hosted an International Association of Privacy Professionals (IAPP) KnowledgeNet featuring the Federal Trade Commission’s (FTC) new Chief Technologist, Lorrie Cranor. In her short time at the FTC, Cranor has already made waves by encouraging companies to rethink mandatory password changes.  At the event, Cranor spoke about the focus of her work,… Continue Reading

EU DPAs Say Privacy Shield an Improvement but Needs Some Work

Posted in Government Agencies, Privacy
Uncertainty surrounding the U.S.-EU Safe Harbor (Safe Harbor) replacement, the EU-U.S. Privacy Shield (Privacy Shield), will remain for now. On April 13, 2016 the European Union (EU) Article 29 Working Party (WP29) comprised of all 28 EU member state data protection authorities (DPAs) announced its official but non-binding opinion on the European Commission’s (EC) draft… Continue Reading

Privacy & Cybersecurity Weekly News Update

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Privacy, Social Media
OCR Announces a Settlement … Again; HHS Eases Restrictions on Mental Health Information Sharing to Facilitate Gun Control Efforts; Facebook: Users Lack Standing in Cookie MDL; Plaintiffs Argue for Summary Judgment in $5 Million Twitter TCPA Suit OCR Announces a Settlement … Again For the second time this week, OCR announced another huge settlement. The… Continue Reading

Privacy & Cybersecurity Weekly News Update

Posted in Cybersecurity / Data Security, Government Agencies, Privacy
FTC Settles IoT Enforcement Action; HHS Releases HIPAA/NIST Crosswalk; HHS Provides FAQs on Patient Fees for PHI Release; Judicial Redress Act Becomes Law FTC Identifies Reasonable Security Measures Through IoT Enforcement Action The Federal Trade Commission (FTC) settled charges with ASUSTek Computer, Inc. (ASUS), a manufacturer of home router and home networking (or “home cloud”)… Continue Reading

Privacy & Cybersecurity Weekly News Update

Posted in Cybersecurity / Data Security, Government Agencies, Privacy
California AG Defines “Reasonable Security;” Apple Opposes FBI Hack Request; Russia to Enforce Data Localization with (Surprise) Audits; HHS Helps Health App Developers Determine if Subject to HIPAA; Carrier IQ Agrees to $9M Data Leak Settlement California AG Defines “Reasonable Security” California Attorney General (AG) Kamala Harris published the 2016 “California Data Breach Report,” which… Continue Reading

Privacy & Cybersecurity Weekly News Update

Posted in Cybersecurity / Data Security, Government Agencies, Privacy
President announces cybersecurity action plan; Congress passes Judicial Redress Act; French DPA notice provides compliance guidance; and FCC set to enforce CPNI rules. President Obama Announces Cybersecurity Action Plan The President announced his Cybersecurity National Action Plan (CNAP) this week, with a FY 2017 Budget proposal that includes $19 billion on CNAP initiatives – a… Continue Reading

Privacy & Cybersecurity Weekly News Update

Posted in Cybersecurity / Data Security, Government Agencies, Privacy
HHS proposes new substance abuse information confidentiality rules; HHS releases PHI disclosure fact sheets; U.S.-EU Safe Harbor replacement announced; OCR levies civil monetary penalties; and FTC settles charges with technology company for installing apps without consent. HHS Proposes Update to Substance Abuse Confidentiality Rules The U.S. Department of Health and Human Services (“HHS”) announced a… Continue Reading

OCR Levies Second Ever HIPAA Civil Monetary Penalty

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Information Management, Privacy, Rules
For only the second time in its history (following the $4.3 million Cignet case) the U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) imposed civil money penalties (CMPs) on a company for violating the Health Insurance Portability and Accountability (HIPAA) Privacy Rule. Lincare, Inc. (Lincare), a home health provider, was… Continue Reading

EU Member States to Investigate EU-U.S. Transfers That Rely Solely on Invalidated Safe Harbor: Starting Now

Posted in Cybersecurity / Data Security, Government Agencies, Privacy, Sanctions
Certain European Union (EU) Member States’ data protection authorities (DPAs) have already started to announce investigations and or “prudential measures” for data transfers solely relying on the invalidated “U.S.-EU Safe Harbor Framework” (Safe Harbor). In the aftermath of the announcement of the “EU-U.S. Privacy Shield” (Privacy Shield), the Article 29 Working Party (WP29), comprised of… Continue Reading

EU Regulators React to New EU-U.S. Privacy Shield

Posted in Cybersecurity / Data Security, Government Agencies, Privacy
The Article 29 Working Party (WP29), consisting of the data protection authorities (DPAs) of all 28 European Union (EU) Member States, met February 2-3 to discuss the future of EU-U.S. data flows. The meeting coincided with an end-of-January deadline that WP29 had set for the European Commission and U.S. Department of Commerce to provide a… Continue Reading

U.S.-EU Safe Harbor Renegotiation in Jeopardy

Posted in Government Agencies, Privacy
The U.S. Department of Commerce and European Commission have remained publicly optimistic about their renegotiation of the U.S.-EU Safe Harbor (Safe Harbor) following the program’s invalidation by the European Court of Justice in October. Unfortunately, there are signs of trouble in the U.S. Senate and future trouble coming from European Union (EU) regulators. The EU… Continue Reading

Privacy-Cybersecurity Weekly News Update December 6- 11, 2015

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Privacy
Wyndham-FTC Settlement Looks to PCI; Target Consumer Appeals Settlement; Leaders Propose Encryption Commission; Ashley Madison MDL in St. Louis; FTC Commissioner Warns of FCC ISP Overreach; Moms Sue Over Doll’s IoT Capability Wyndham to Implement PCI-Focused Information Security Program in Settlement with FTC On Wednesday, the FTC and Wyndham settled a long-standing dispute regarding the hospitality… Continue Reading

Key EU Privacy & Cybersecurity Highlights, November 30 – December 6, 2015

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Privacy, Public Sectors
EU Data Protection Law Reform: Most of the General Data Protection Regulation (GDPR) text agreed in principle; Schrems’ second hit – Austrian citizen files three new complaints with EU Data Protection authorities to suspend data transfers outside the EU by Facebook; EU Privacy Regulators to Evaluate VTech Breach. EU Data Protection Law Reform: Most of… Continue Reading

Privacy-Cybersecurity Weekly News Update November 29- December 4, 2015

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Privacy, Public Sectors
Target Settles Data Breach Claims with Banks and Insurers On Thursday, Target agreed to settle claims with a group of financial institutions arising from its 2013 data breach involving customers’ credit card information.  Target reportedly will pay $39 million to settle the class-action suit in federal court in Minnesota.  This settlement follows a $67 million… Continue Reading

Key EU Privacy & Cybersecurity Highlights, November 16 – November 22, 2015

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Privacy, Public Sectors
Record Fine: Belgium’s Court orders Facebook to stop Data Protection law violation under forfeiture of a penalty of € 250,000 per day; Big Data: Opinion of The European Data Protection Supervisor; Safe Harbor Topic 1: Hamburg DPA actively preparing enforcement actions; Data Protection vs. Terrorism: Belgium to push for Passenger Records Law following Paris attacks;… Continue Reading

Key Privacy & Cybersecurity Highlights, November 2 – November 8, 2015

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Privacy, Public Sectors
FCC’s expands data security enforcement; Sprint settles FCRA claims; $12.5M fine for background screening agencies; Congress considers auto cybersecurity study; No FCC “do not track” rules; Safe harbor alternatives; No SCA liability for inadvertent disclosure FCC takes first enforcement action related to cable operator’s data security The Federal Communications Commission fined Cox Communications $595,000 for… Continue Reading

Key Privacy & Cybersecurity Highlights, October 26, 2015 – November 1, 2015

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Privacy, Public Sectors
“Safe Harbor 2.0” Agreement in Principle; Senate Passes Cybersecurity Bill; Target Breach Investigation Documents Privileged; Text Message Alert May Fall Within TCPA U.S.-EU reach agreement in principle on data sharing rules Last week, the U.S. and the European Union announced they reached an agreement in principle concerning transatlantic data transfers .  This new deal, to… Continue Reading